TRENDING

You've got no mail

'Our strategy was to migrate the users on a site-by-site basis. That made the most sense for us.'

'SSA's Bill gray

With Microsoft Exchange 5.5 on its way out, agencies must carefully migrate e-mail systems without disrupting service.

For the Social Security Administration, upgrading its e-mail servers from Microsoft Corp.'s Exchange Server 5.5 to Exchange Server 2003 proved to be a job so monumental that the agency had to break it into segments.

'Our strategy was to migrate the users on a site-by-site basis. That made the most sense for us,' said Bill Gray, deputy commissioner for systems at SSA. 'If we tried to do entire regions at a time, it would really affect the performance.'

Most agencies will undertake a similar upgrade this year, if they haven't already. At the end of this year, Microsoft will cease supporting its Exchange Server 5.5. No longer will the Redmond, Wash., giant supply routine bug fixes or vulnerability patches. Routine telephone support'either free or of the charge-per-incident variety'will no longer be offered, and shiny new Microsoft products may not work with Exchange 5.5.

Given the pervasiveness of Exchange 5.5'software that manages employee contact lists, calendars and e-mail'such upgrades will prove to be one of the major IT projects for many agencies this year. But the upgrades are necessary.

'For any of our customers who are still on 5.5, virtually all of them are either in the process of migrating or have placed it very high on the priority list of things that need to be done,' said Scott Spencer, director for the enterprise software solutions technology practice of government reseller GTSI Corp. of Chantilly, Va.

The good news is that employees can experience little or no downtime of their messaging clients'if a solid migration strategy is in place.

'It's not easy. It requires a lot of planning. There are a lot of factors involved, so you want to make sure you plan and execute well,' Spencer said.

Complicating the process somewhat is the fact that if the agency wants to take full advantage of Exchange 2003's enterprise features, they may have to re-architect their messaging systems'a move that will consolidate servers.

'What is happening is that everyone had their own Exchange server on the corner, and now everyone is pulling them together,' said Don Tarkenton, account manager for Quest Software Inc. of Irvine, Calif., which offers programs to ease migration.

Migration mountain

SSA started upgrading its Exchange servers in January 2004, Gray said. It's no small project. The agency's six regional centers oversee 91,000 e-mail accounts. The IT office spent the first six months planning, and throughout the summer of 2004 it piloted several Exchange 2003 implementations. Now, SSA is rolling out the live units. About 13,000 mailboxes have been converted.

'We needed to do testing, testing, testing, to make sure we didn't run into any problems,' Gray said.

Social Security is not the only agency on the move. The Army has also set an ambitious plan in motion to replace the service's Exchange servers by 2006. The plan involves placing all Army personnel on a single e-mail system.

The service upgraded all its Exchange servers in South Korea during a blazingly quick four-month period last year, a job that involved 18,000 accounts, according to Army Maj. Earl Robinson, assistant product manager for the migration in Korea.

The Army awarded systems integrator Internosis of Greenbelt, Md., an $850,000 contract to help complete the job in Korea.

'Migrations don't have to be difficult,' said Fred Wink, senior public sector vice president of Internosis, which specializes in helping agencies set up and execute large upgrades of this nature.Preparation is the key to a successful upgrade, he said. The IT office should schedule when each server will switch over and stagger the rollout, either by sets of users or by geographical region. Communications should be sent to alert all involved parties. And the agency should establish a test lab where deployment teams can get implementation training.

'We usually upgrade in stages,' Spencer said. 'A large organization distributed across multiple sites might [upgrade] site by site and maintain coexistence between the two environments until it moves everyone over to the new environment.'

A good implementation 'should be totally transparent to the users, done offline or with scheduled outages,' Wink said. He noted that in Korea, upgrades were done overnight, sometimes as many as 500 users per night.

'There was no downtime apparent to the soldiers,' Robinson said, noting that even soldiers dispatched to Iraq during the upgrades did not experience service disruptions.

At least in one respect, moving away from Exchange 5.5 requires twice as much work as any other software upgrade, because organizations must install not only the new version of Exchange but also an entirely separate application'Microsoft's Active Directory'with its own software and hardware requirements.

'One of the things that makes the migration more difficult is that it is actually two migrations,' said Quazi Zaman, platform technology specialist manager of Microsoft's federal division.

Released in 1997, Exchange 5.5 included a mechanism for authenticating users. As organizations set up their e-mail accounts, they assigned each user a name and password within Exchange, which users needed to access their data. Subsequently, Microsoft moved the Exchange directory service engine into the operating system itself, so it could be used by other applications, Zaman said. Today, Active Directory is Microsoft's enterprise authentication system and is used by Exchange 2003.

As a result, the first step of any migration from Exchange 5.5 is to set up an Active Directory for the organization. SSA, for instance, didn't start upgrading Exchange until it had an agencywide authentication directory, Gray said.

For its Continental United States operations, the Army first deployed an Active Directory, allowing installations to upgrade their Exchange servers themselves, said Maggi Patton, Active Directory implementation lead for the Army.

Microsoft's Active Directory Migration Tool can help administrators move Exchange account passwords to the new Windows Active Directory environment. And fortunately, after Active Directory is installed, an office can still use Exchange 5.5, experts note. Microsoft provides a module, Active Directory Connector, that redirects Exchange's authentication requests to Active Directory, allowing both to work together in a seamless operation.

Size matters

Before getting started, the upgrade team may have to rethink an organization's messaging architecture.

The original version of Exchange 5.5 was limited to around 2,000 users per server, since it relied on a single database that could only scale to 16G. Larger organizations created multiple smaller domains to serve employees and designed their backup requirements around these distributed setups. As a result, agencies ended up with a patchwork of different Exchange environments, each maintained at a local level.

Exchange 2003 breaks through the technical limitations of 5.5. Each server can support up to 20 mailbox databases, which can in turn support 5,000 or more users with up 16T worth of space. Coupling these hefty servers with an Active Directory deployment means agencies can consider messaging an enterprisewide activity rather than one each office grapples with independently.

'I think there is a big benefit to having organizational consolidation rather than having islands of information,' Zaman said.

The Army didn't change its architecture to meet Exchange 2003, Wink said, though Exchange 2003 fit nicely in the Army's overall goal of server consolidation. One of the advantages the Army will see with one central directory is that a reassigned soldier can access e-mail without reconfiguration.

Originally, the Army had individual Exchange 5.5 implementations at each of the hundred or so installations dotted throughout Korea, Robinson said. The migration team established a central architecture supported by four regional hubs. In the United States, two enterprise hubs will be set up to coordinate traffic among the installations.

Moving to an enterprisewide messaging system can be fraught with political baggage, Wink warned. Office administrators may not want to give up control of their mailboxes. Therefore you must get buy-in, both at the local level'where the work to transition the mailboxes is done'and with top brass who must champion the project.

In addition, naming conventions, usage policies and other aspects must be normalized across the organization'all of which requires policy. On a technical level, for instance, permission settings must be reviewed for each user. Policy settings that worked fine for one department may be dangerous when applied to the whole organization. Storage is another issue to consider when ramping up to an enterprise deployment. In most cases with Exchange 5.5, the server itself held the databases. Given sufficient consolidation, however, an organization may want to offload the databases to a storage area network. In Korea, the Army deployed SANs from EMC Corp. of Hopkinton, Mass.

Software can also help manage storage issues. Enterprise Vault from Veritas Software Corp. of Mountain View, Calif., allows systems to automatically offload older data to storage networks, saving more-costly disk space, according to Jeff Hausman, director of product marketing for Veritas. Administrators can also use the software to offload as much material as possible before a migration, minimizing the time needed to copy files to the new server, he said.

The upgrade team should keep in mind that user space requirements have grown since original Exchange implementations, when e-mail probably wasn't as mission-critical. Questions to ask include: How much space does each user take now, and how much will they use in the future?

'Doing a little bit of prep work to figure out what the storage requirements will be three or five years from now helps you in designing an infrastructure that is designed for the future, rather than just today,' Zaman said.

When it comes to hardware, the upgrade team faces two possible paths. One is to install Exchange 2003 on a new server, one running either Windows 2000 or Windows 2003 Server software. Once Exchange is running, the upgrade team simply copies the mailboxes to the new server.

The other option is to upgrade an existing server, a financially appealing choice, given Microsoft's surprisingly modest hardware recommendations for running Exchange 2003 (512 MB of random access memory on the equivalent of a 733-MHz processor). This approach may require more nuanced planning, given the peculiar combinations of Exchange and Microsoft Windows that may or may not work together.

Extra server trick

The trick to upgrading the software on existing hardware is to have an extra server on hand, said Don Baker, technical architect for Internosis. Prepare an Exchange 2003 installation on the extra server, and move the accounts from the first working server onto this machine. Then reformat the old server and transfer onto it the data from the working second legacy server. And so on.

Microsoft provides its own migration tools for moving mailboxes to Exchange 2003, but customized software may streamline the transition. For instance, Quest makes a tool called Exchange Migration Wizard that automates moving mailboxes. The company markets the software for high-volume migrations, according to Scott Geddicks, the company's Microsoft engagement manager. Internosis used Quest's software to aid in its work in Korea.

Quest's software installs at the source and target servers agents that copy mailbox material from the old location to the new one. Using agents cuts the copying time considerably, since data doesn't have to travel through an intermediate server, Geddicks said.

As each item is copied to the new location, the software leaves a pointer at the old location, allowing the user to access data even as the migration takes place. When the user requests an item from the old server, the request is automatically redirected to the new server. The pointers remain in place until the client software itself has been redirected to access material on the new server, which can be done later with a script.

Sooner or later, agencies must face the inevitable. And as the Army and the Social Security Administration have learned, the sooner the Exchange migration begins, the sooner the agency can enjoy the benefits of the new software.